Security Certification options

Hello everyone,

I'm brand new to the site. I've been in IT just over 15 years (I don't have a BS or Masters degree), most of which was spent doing 2nd/3rd level Desktop Support, Server Administration and now network administration. As I look to the next phase of my career, security is an area that I'm looking to pursue. I see myself looking for a security engineer type role, but I am open to other positions. I hold a number of certifications as you can see in my profile, but want to work on the next one.

Most of my server experience was with Active Directory, Exchange, and VMware. I've also done a lot with disaster recover planning and testing. Nowadays, I'm on the network side of the house, but not for a huge environment.

Certifications are time consuming but I feel are necessary for me. I'm trying to decide which to do first. An obvious choice for me would continue the cisco path and go for CCNP Security or CCIE Security. Another choice I thought of was saving that for later and pursue some firewall certifications, such as CheckPoint CCSA, Palo Alto PCNSE and/or Fortinet. Not sure if I need all of those. My final option is go straight for CISSP.

Anyone heading down a similar path?

I'm self funding all of my training by the way.

- C

Find more posts tagged with

Comments

Remedymp

The CASP might be more in your direction than anything else mentioned.

CE1028

Remedymp wrote: »

The CASP might be more in your direction than anything else mentioned.

hmmm I never really heard of or looked into that one. I see now that it is a Comptia cert

E Double U

Go the CCNP Security route if you are interested in a firewall cert and want to keep your other Cisco certifications valid. After that I would go into CISSP.

My path was CCNP Security -> CISSP -> GCIH

CE1028

E Double U wrote: »

Go the CCNP Security route if you are interested in a firewall cert and want to keep your other Cisco certifications valid. After that I would go into CISSP.

My path was CCNP Security -> CISSP -> GCIH

Would you not recommend CISSP => CCNP Security?

I was looking at other firewall vendors only because not everyone uses Cisco (where my experience is)

cmztech

In my own research on the topic, I feel as though CISSP gets you to the money and gets doors to fly open in both private and government sectors, much faster. As for what it sounds like you want to do, I would say CCNP Security is going to make you a better security person, skills wise. Whether it's Cisco or another vendor, in the end all networks send frames and packets.

If you can use Cisco products then in my mind it's the difference between flying one model of a helicopter and then being forced to fly another model of helicopter. They are both choppers, but the only difference being they have different controls.

(2 cents from a grasshopper)

CE1028

cmztech wrote: »

In my own research on the topic, I feel as though CISSP gets you to the money and gets doors to fly open in both private and government sectors, much faster. As for what it sounds like you want to do, I would say CCNP Security is going to make you a better security person, skills wise. Whether it's Cisco or another vendor, in the end all networks send frames and packets.

If you can use Cisco products then in my mind it's the difference between flying one model of a helicopter and then being forced to fly another model of helicopter. They are both choppers, but the only difference being they have different controls.

(2 cents from a grasshopper)

It really is about opening doors too. One reason why I was not going to pursue the CCNP Security is because it tests on products/technologies that I don't use day to day. This sometimes makes retaining knowledge harder. You never want to just pass a cert and forget everything.

I don't use CheckPoint day to day either, but I feel your analogy fits here. If I know ASA firewalls (I'm not an expert per say, getting there), I can learn CP firewalls easier. Maybe that makes me more marketable, I'm not sure.

danny069

Since you already have your CCNA R&S and CCNA Security and you are in networking now, hold off on the CCNP Security, because you can come back to that. Go right for your CISSP, make sure you read all the requirements to become CISSP certified, then after you obtain that, go the CCNP Security, CCIE Security route.

E Double U

CE1028 wrote: »

Would you not recommend CISSP => CCNP Security?

Depends on when your CCNP R/S expires.

TechGromit

Currently my Path is CCNA --->, CISSP --->, OSCP ---->, GPEN. I haven't planned beyond that.

CE1028

thanks everyone who replied. I have 2 years before my CCNP RS expires, so I have some time to decide

E Double U

Then that is plenty of time to complete the CISSP before getting into CCNP Security.

docrice

"Security" can have different meanings here. Do you want to manage security appliances, or do you want all-around security? There's a difference since I consider vendor-specific training to be more about knowing the ins-and-outs of product features and configuration rather than data analysis, incident response, anomaly hunting, forensics, etc..

I've seen too many cases where someone knows products but knows little what actually happens beneath the surface. With security solutions being what they are (that is, limited) and the arms-race clearly in favor of the offense, doing good defense requires having an insight beyond what the UI tells you and digging into the raw data and questioning the design assumptions of the appliances. Being able to vet FPs comes to mind, especially with any of the firewall vendors you mentioned. I've worked with all of them to different degrees.

CE1028

docrice wrote: »

"Security" can have different meanings here. Do you want to manage security appliances, or do you want all-around security? There's a difference since I consider vendor-specific training to be more about knowing the ins-and-outs of product features and configuration rather than data analysis, incident response, anomaly hunting, forensics, etc...

I do like managing security appliances. However, I do not want to box myself in. I don't currently have an interest in forensics

E Double U

TechGromit wrote: »

Currently my Path is CCNA --->, CISSP --->, OSCP ---->, GPEN. I haven't planned beyond that.

Would you even need GPEN if you have OSCP?

ZzBloopzZ

E Double U wrote: »

Would you even need GPEN if you have OSCP?

US Gov't loves SANS certs!